Questions tagged [lets-encrypt]

Let's Encrypt is a certificate authority that provides free X.509 certificates for TLS encryption.

Let's Encrypt is a certificate authority that entered public beta on December 3, 2015. It provides free X.509 certificates for Transport Layer Security (TLS) encryption via an automated process designed to eliminate the current complex process of manual creation, validation, signing, installation and renewal of certificates for secure websites.

A Python certificate management program called letsencrypt gets installed on the client side (the web server of an enrollee). This is used to order the certificate, to conduct the domain validation process, to install the certificate, to configure the HTTPS encryption in the HTTP server, and later to regularly renew the certificate.

After installation and agreeing to the user license, executing a single command is enough to get a valid certificate installed. Additional options like OCSP stapling or HTTP Strict Transport Security (HSTS) can also be enabled. Automatic setup initially only works with Apache and nginx.

Source: Wikipedia

840 questions
242 votes, 11 answers

How to use Let's Encrypt DNS-01 challenge validation?

Let's Encrypt has announced they have: Turned on support for the ACME DNS challenge How do I make ./letsencrypt-auto generate a new certificate using DNS challenge domain validation? EDIT I mean: How do I avoid http/https port binding, by using…
36 votes, 5 answers

How do I change the admin email for Let's Encrypt?

The email address used as the admin email when we started using let's encrypt needs to be modified (a former employee used his personal email address as the admin email and he is no longer with the firm). What steps need to be taken to get that…
ali haider
21 votes, 2 answers

How can Let's Encrypt verify the identity over insecure http?

I just started using Let's Encrypt. The http-01-challenge is simple enough: Make a webserver respond to http://example.com Ask Let's Encrypt for a challenge-file Provide the file under http://example.com/.well-known/acme-challenge Receive the…
Andreas
17 votes, 1 answer

How to setup coturn with letsencrypt

Given this setup: A Nginx is providing a .well-known folder listening on port 80/443 on the server to exchange the challenge for Letsencrypt. The certificate is created properly and can be used e.g. in mentioned Nginx. When trying to make usage…
frlan
5 votes, 1 answer

Cert not yet due for renewal ... but it's expired

I am trying to renew a wildcard let's encrypt certificate. /usr/local/bin/certbot renew Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing…
5 votes, 6 answers

What are my options for moving my LetsEncrypt certificate from one server to another?

I have an ubuntu server running through Digital Ocean that has an SSH certificate that I got through LetsEncrypt. I'm trying to switch to a cheaper service, and I need to move the cert to my new server. How can I do this? It looks like I can revoke…
Kecoey
5 votes, 2 answers

Reuse letsencrypt DNS challenge

With letsencrypt, certificates have to be renewed every 90 days. Every time a cert is renewed, ownership of the domains included in the cert has to be proven again. It is possible to do so by adding a _acme-challenge DNS record. Is it possible to…
Zulakis
3 votes, 0 answers

What is the appropriate way to give non-root services access to letsencrypt certs

I have a service (ejabberd, though this question isn't specific to ejabberd) that runs as a non-root user. I want it to use a letsencrypt-provided certificate. Ideally I would like letsencrypt to put/update a cert into the service's configuration…
Andrew
2 votes, 1 answer

Why does my domain show an SSL from another domain?

I've deleted the Letsencrypt SSL for my domain, now I cannot access it through http. I am prompted to bypass the warning by my browser (Chrome and Firefox), and access it through the strike through https (the site is www.phpninja.fr). However this…
2 votes, 1 answer

Let's Encrypt Expiry Bot (certificate expiration notice)

I use Let's Encrypt on Ubuntu 17.10 server with Apache HTTP server. In crontab I have: 15 3 * * * /usr/bin/certbot renew If I check expire date with: sudo certbot certificate I get report for my two certificates with expire date 2018-03-18. So…
1 vote, 1 answer

SSL ACME Manager / Relay / Deployment

I would like to ask if anyone is aware of a tool, which can obtain and manage certificates from an upstream instance (like Let's Encrypt via HTTP-01 or DNS-01) and make them available through e.g. local ACME. Furthermore I would wish I could add a…
1 vote, 1 answer

Let's encrypt does try to renew an old domain

I get this error if I run this command: certbot -q renew Attempting to renew cert (example-master.com) from /etc/letsencrypt/renewal/example-master.com.conf produced an unexpected error: Failed authorization procedure. www.example-sub.com…
guettli
1 vote, 1 answer

Certbot-auto not renewing on cron job

I have the following set up via cron: /usr/sbin/certbot-auto renew --force-renew --quiet --post-hook "/sbin/service httpd reload" >> /var/log/letsencrypt/letsencrypt.log 2>&1 I found out this is not renewing the certificate and when I tried running…
ryekayo
1 vote, 0 answers

Incompatible server name

I installed a Letsencrypt cert using certbot for my domain carmensteffens.us. Everything is ok except in browsers (Chrome and Safari) for Apple devices (iOS and OSX). The browsers in Apple devices say: Invalid certificate (server name…
ramiromd
1 vote, 1 answer

ERR_CONNECTION_TIMED_OUT after dokku letsencrypt myapp.mysub.mydomain.net

Site was working fine, until I tried to activate letsencrypt. Seems like it installed without issue. dokku letsencrypt myapp.mysub.mydomain.net =====> Let's Encrypt myapp.mysub.mydomain.net -----> Updating letsencrypt docker image... latest: Pulling…